""ET TROJAN Win32.Bicololo Response 1""
SID: 2016947
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2013_05_31, updated_at 2013_05_31
Reference:
-
md5
-
691bd07048b09c73f0a979529a66f6e3
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: !80
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "Set-Cookie|3a| ci_session="
-
Value: "|0d 0a 0d 0a|7|0d 0a|ne_unik|0d 0a|0"
Within:
PCRE: "/^(\r\n)+?$/R"
Special Options:
- fast_pattern